#!/usr/bin/python3
# -*- coding: utf-8 -*-

"""
   入口程序
"""


from app import create_app
from flask import request, jsonify, g
from utils.response_code import RET

from itsdangerous import Serializer


from service.administratorTokenService import AdministratorTokenService
from utils.loggings import loggings



# 创建flask的app对象
app = create_app("develop")

# 创建全站拦截器,每个请求之前做处理
@app.before_request
def user_validation():
    print(request.endpoint)  # 方便跟踪调试

    if not request.endpoint: # 如果请求点为空
        return jsonify(code=RET.URLNOTFOUND, message="url not found", error="url not found")

@app.before_request
def user_require_token():
    # 不需要token验证的请求点列表
    permission = ['apiversion.Apiversion', 'administrator.Administrator', 'article.Article',
                  'user.User', 'paper.Paper', 'word.Word', 'wordbook.Wordbook',
                  'userWordTimes.UserWordTimes', 'dictionary.Dictionary', 'wordWordbookAppend.WordWordbookAppend',
                  'wordDictionary.WordDictionary', 'plan.Plan',
                  'administrator.AdministratorRegister','administrator.AdministratorLogin',
                  'user.UserRegister','user.UserLogin']

    # 如果不是请求上述列表中的接口，需要验证token
    if request.endpoint not in permission:
        # 在请求头上拿到token
        token = request.headers.get("token")
        if not all([token]):
            return jsonify(code=RET.PARAMERR, message="缺少参数token或请求非法")

        # 校验token格式正确与过期时间
        s = Serializer(app.config["SECRET_KEY"])
        try:
            data = s.loads(token)
        except Exception as e:
            loggings.exception(1, e)
            # 单平台用户登录失效
            return jsonify(code=RET.SESSIONERR, message='用户未登录或登录已过期')
        # 处理多平台登录的问题
        kwargs = {
            "user_id": data["id"],
        }
        try:
            token_model = AdministratorTokenService.get_token(**kwargs)
            if not token_model:
                return jsonify(code=RET.SESSIONERR, message='用户未登录或登录已过期(已退出)')
            sql_token = token_model.first().token
        except Exception as e:
            # 校验token是否有效，用户点击退出后该token无效
            return jsonify(code=RET.SESSIONERR, message='用户未登录或登录已过期(已退出)', error=str(e))

        if token != sql_token:
            return jsonify(code=RET.SESSIONERR, message='用户未登录或登录已过期(多平台)')

        # 将用户信息保存到g对象
        result_dict = AdministratorTokenService.get_user_by_token(sql_token)
        if result_dict['code'] == '2000':
            g.user = result_dict['data']
        else:
            return jsonify(code=result_dict['code'], message=result_dict['message'])







    # # 如果不是请求上述列表中的接口，需要验证token
    # if request.endpoint not in permission:
    #     # 在请求头上拿到token
    #     token = request.headers.get("Token")
    #     if not all([token]):
    #         return jsonify(code=RET.PARAMERR, message="缺少参数Token或请求非法")
    #
    #     # 校验token格式正确与过期时间
    #     secret_key = app.config['SECRET_KEY']
    #     from utils.jwt_util import JwtToken
    #
    #     verify_status, payload_data = JwtToken.parse_token(token, secret_key=secret_key)
    #     if not verify_status:
    #         # 单平台用户登录失效
    #         app.logger.error(payload_data.get("err"))
    #         return jsonify(code=RET.SESSIONERR, message='用户未登录或登录已过期', error=payload_data.get("err"))
    #
    #     # 将token中封装的信息存入当前请求的全局变量g
    #     g.user = payload_data


# 创建全站拦截器，每个请求之后根据请求方法统一设置返回头
@app.after_request
def process_response(response):
    allow_cors = ['OPTIONS', 'PUT', 'DELETE', 'GET', 'POST']
    if request.method in allow_cors:
        response.headers["Access-Control-Allow-Origin"] = '*'
        if request.headers.get('Origin') and request.headers['Origin'] == 'http://api.youwebsite.com':
            response.headers["Access-Control-Allow-Origin"] = 'http://api.youwebsite.com'

        response.headers["Access-Control-Allow-Credentials"] = 'true'
        response.headers['Access-Control-Allow-Methods'] = 'OPTIONS,GET,POST,PUT,DELETE'
        response.headers['Access-Control-Allow-Headers'] = 'x-requested-with,content-type,Token,Authorization'
        response.headers['Access-Control-Expose-Headers'] = 'VerifyCodeID,ext'
    return response


if __name__ == "__main__":
    app.run(host='0.0.0.0',debug=True)

